Re: Email expiration?



On 6/15/06, Kurt Buff <kurt.buff@xxxxxxxxx> wrote:
On 6/14/06, Thiago Lima @ WF <thiagolima@xxxxxxxxxxxxxxx> wrote:
>
> Hi,
>
> There's any way to 'auto-destroy' na email sent after N days?
>
> I'd like to send an email to someone and after N days the email
> became unreadeble. Is that possible? I thougth about a certificate that
> expires. Will that work? Does something like that exists?
>
> Thanks alot.
> Thiago Lima.

In the general case, this is pretty silly. All they have to do is
receive it, print it or copy the text of it, and it's there
essentially forever.

The only way this works is if they receive it but don't read it before
the encryption cert expires. I can't imagine a scenario that justifies
so much work.


The issue seems to come up when someone wants to make a technological
solution to the old 'hand-carry/destroy after reading' of a document.
In these cases there are usually protocols of encryption and seals to
help clarify that the document was not tampered with during the
transmission. And then a protocol that when delivered it is read in
the presence of a recording individual and then destroyed. All of
those can be subverted but done correctly the level of trust can be
pretty high. So people wonder if they can have a technological
solution that would cuts costs or be better. Sadly I dont think you
can cut costs too much because you have to be able to put extra costs
into trusting the end-points [Physically controlled terminal, 2
person/2 organization rule to confirm that copies of the document
weren't made, etc]


Kurt



--
Stephen J Smoogen.
CSIRT/Linux System Administrator